When you create a connection to a portlet producer, the producer is registered with the WebCenter Portal application and the connection is added to the connections.xml file. For WRSP producers, a web service connection is also created, which follows the naming convention, connectionname-wsconn. For Oracle PDK-Java producers, an underlying URL connection is created, which follows the naming convention, connectionname-urlconn. During the registration, connection metadata is created in the Oracle Metadata Services (MDS) repository and in the producer being registered. When a producer is consumed, the user customizations are saved to the producer. During deregistration the producer connection and customizations are removed.

Portlet producer registration is dynamic. New portlet producers and updates to existing producers are immediately available in the WebCenter Portal application; it is not necessary to restart the WebCenter Portal application or the managed server.

For information about how to register WSRP producers at design-time, using JDeveloper, see the section "How to Register a WSRP Portlet Producer" in the Oracle Fusion Middleware Developer's Guide for Oracle WebCenter Portal.

24.2.1 Registering a WSRP Producer Using Fusion Middleware Control

To register a WSRP portlet producer:

Log in to Fusion Middleware Control and navigate to the home page for the WebCenter Portal application. For more information, see:

For WSRP producers, you can obtain this registration URL by accessing the producer test page at:

http://host_name:port_number/context_root/info

Use Proxy?

Select if the WebCenter Portal application must use an HTTP proxy when contacting this producer. If selected, enter values for Proxy Host and Proxy Port.

A proxy is required when the WebCenter Portal application and the remote portlet producer are separated by a firewall and an HTTP proxy is needed to communicate with the producer.

Proxy Host

Enter the host name or IP address of the proxy server.

Do not prefix http:// to the proxy server name.

Proxy Port

Enter the port number on which the proxy server listens. The default port is 80.

Default Execution Timeout (Seconds)

Enter a suitable timeout for communications with the producer, in seconds. For example, the maximum time the producer may take to register, deregister, or display portlets on WebCenter Portal application pages. The default is 30 seconds.

Individual portlets may define their own timeout period, which takes precedence over the value expressed here.

Use the Security section to specify the type of security token to use for the identity propagation/assertion.

The security token with the propagated or asserted user information is represented as an XML element in the SOAP header. The security token and the SOAP message body are then digitally signed to prove the authenticity of the SOAP message origin from the WebCenter Portal application. WebCenter Portal applications support six types of security tokens: WSS 1.0 Username Token Without Password, WSS 1.0 Username Token With Password, WSS 1.0 SAML Token, WSS 1.0 SAML Token With Message Integrity, WSS 1.0 SAML Token With Message Protection, and WSS 1.1 SAML Token With Message Protection.

Where SAML is an abbreviation for Security Assertion Markup Language.

Note:

PeopleSoft WSRP producers support two profiles: Username Token With Password and SAML Token With Message Integrity. Oracle Portal (as a consumer) supports three profiles: Username Token Without Password, Username Token With Password, SAML Token With Message Integrity. Other Oracle WSRP producers support all six profiles. For other WSRP containers, check with the specific vendor to determine the token formats they support.

Use this token profile if the WSRP producer has a different identity store. You will need to define an external application pertaining to the producer and associate the external application with this producer.

WSS 1.0SAML Token(oracle/wss10_saml_token_client_policy)âThis policy provides SAML-based authentication for outbound SOAP request messages in accordance with the WS-Security 1.0 standard. The policy propagates user identity and is typically used in intra departmental deployments where message protection and integrity checks are not required.

This policy does not require any keystore configuration.

WSS 1.1 SAML Token with Message Protection
(oracle/wss11_saml_token_with_message_protection_client_policy)âThis policy provides message-level protection (integrity and confidentiality) and SAML token population for outbound SOAP requests in accordance with the WS-Security 1.1 standard. A SAML token, included in the SOAP message, is used in SAML-based authentication with sender vouches confirmation. This policy uses the symmetric key technology for signing and encryption, and WS-Security's Basic 128 suite of asymmetric key technologies for endorsing signatures.

NoneâNo token. If None is selected, no WS-Security header is attached to the SOAP message.

Configuration

Select:

Default to use a default token profile configuration.

Custom to provide a custom Oracle Web Service Manager configuration.

Additional security options display (including all the keystore properties) when you select Custom.

Issuer Name

Enter the name of the issuer of the SAML Token.

For example: www.example.com

The issuer name is the attesting entity that vouches for the verification of the subject, and it must be a trusted SAML issuer on the producer end.

Enter a user name to assert to the remote producer when the user is not authenticated with the WebCenter Portal application.

When unauthenticated, the identity anonymous is associated with the application user. The value anonymous may be inappropriate for the remote producer, so it may be necessary to specify an alternative identity here. Keep in mind though, that in this case, the WebCenter Portal application has not authenticated the user so the default user you specify should be a low privileged user in the remote producer. If the user has authenticated to the application, the user's identity is asserted rather than the default user.

If this producer uses an external application for authentication, use the Associated External Application dropdown list to identify the application. If the application you want is not listed, select Create New to define the external application now.

Use the Keystore section to specify the location of the key store that contains the certificate and private key that is used for signing some parts (security token and SOAP message body) of the SOAP message.

Only configure these properties if you want to override the configuration specified for the domain

Specify the key store alias that is associated with the producer's certificate.

This certificate is used to encrypt the message to the producer.

Store Path

Enter the absolute path to the keystore that contains the certificate and the private key that is used for signing or encrypting the SOAP message (security token and message body). The signature, encryption, and recipient keys described in this table must be available in this keystore.

The keystore file specified must be created using JDK's keytool utility.

Password

Provide the password to the keystore that was set when the keystore was created. The producer is not available if a password is not specified or incorrect.

Signature Key Alias

Enter the signature key alias.

The Signature Key Alias is the identifier for the certificate associated with the private key that is used for signing.

Signature Key Password

Enter the password for accessing the key identified by the alias specified in Signature Key Alias.

Encryption Key Alias

Enter the key alias used by the producer to encrypt the return message. A valid value is one of the key aliases that is located in the specified key store.

This property is optional. If not specified, the producer uses the signing key for encrypting the return message.